mqian@chefwork:~/chef-repo$ knife client list
ERROR: Service temporarily unavailable
/opt/chefdk/embedded/lib/ruby/2.1.0/net/http/response.rb:325:in stream_check': undefined methodclosed?’ for nil:NilClass (NoMethodError)
from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http/response.rb:199:in read_body' from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http/response.rb:226:inbody’
from /opt/chefdk/embedded/apps/chef/lib/chef/knife.rb:507:in rescue in format_rest_error' from /opt/chefdk/embedded/apps/chef/lib/chef/knife.rb:505:informat_rest_error’
from /opt/chefdk/embedded/apps/chef/lib/chef/knife.rb:485:in humanize_http_exception' from /opt/chefdk/embedded/apps/chef/lib/chef/knife.rb:435:inhumanize_exception’
from /opt/chefdk/embedded/apps/chef/lib/chef/knife.rb:426:in rescue in run_with_pretty_exceptions' from /opt/chefdk/embedded/apps/chef/lib/chef/knife.rb:417:inrun_with_pretty_exceptions’
from /opt/chefdk/embedded/apps/chef/lib/chef/knife.rb:214:in run' from /opt/chefdk/embedded/apps/chef/lib/chef/application/knife.rb:142:inrun’
from /opt/chefdk/embedded/apps/chef/bin/knife:25:in <top (required)>' from /opt/chefdk/bin/knife:51:inload’
from /opt/chefdk/bin/knife:51:in `’

trusted_certs_dir: "/home/mqian/chef-repo/.chef/trusted_certs"
WARNING: There are invalid certificates in your trusted_certs_dir.
OpenSSL will not use the following certificates when verifying SSL connections:

/home/mqian/chef-repo/.chef/trusted_certs/chefserver.crt: certificate is not yet valid

TO FIX THESE WARNINGS:

We are working on documentation for resolving common issues uncovered here.

If the certificate is generated by the server, you may try redownloading the
server’s certificate. By default, the certificate is stored in the following
location on the host where your chef-server runs:

/var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt

Copy that file to your trusted_certs_dir (currently: /home/mqian/chef-repo/.chef/trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server’s certificate is now trusted.

If the server you are connecting to uses a self-signed certificate, you must
configure chef to trust that server’s certificate.

By default, the certificate is stored in the following location on the host
where your chef-server runs:

/var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt

Copy that file to your trusted_certs_dir (currently: /home/mqian/chef-repo/.chef/trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server’s certificate is now trusted.

That’s expected, fetch gets only the chef certificate, you’ll have to get the proxy certificate wich doing a MITM will be the CA for the server certificate.

Best option is to use a browser to open the server webui if you have it, or any other https site, then in your browser show certificates, and save them in file as x509 in the trusted_certs dir (last time I tried I had to add it to chef cacert.pem file for this case)